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The present invention is directed to a touch screen system and method for entry of encrypted and non-encrypted information. The 
system and method comprise a sensing means (305) for detecting the coordinates of a touch screen device, a toggling means (310, 315) for 
toggling between encrypted and non-encrypted mode, a processing means (310) for encrypting data associated with the coordinates of the 
touch and transmitting the encrypted or non-encrypted data to a remote processor (325), a tamper resistant housing and a switch means for 
detecting if the tamper resistant housing is intact. 
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CROSS-REFERENCE TO RELATED APPLICATION 

This application is a continuation-in-part of now pending United States 



Patent Application Serial No. 09/220,215 filed December 23, 1998, the contents of 
which are hereby incorporated by this reference. 

BACKGROUND OF THE INVENTION 
10 1. Field of the Invention 

The present invention relates to a method and system for securing and using a 
touch screen as a conventional touch screen and also as a cryptographic Personal 
Identification Number (PIN) Entry Device (PED). 

15 2. Description of the Prior Art 

There are two defacto industry standards for user input in public access 
devices. The use of each standard depends on the application as each has a specific 
purpose. The two technologies are touch screen and a keyboard for entry of a personal 
identification number (PIN pad). Examples of touch screens include information 

20 kiosks, custom greeting card do-it-yourself terminals, fast food self-order terminals, 
etc. PIN pads may be used anywhere a debit card may be used such as grocery store 
checkout lane terminals, Automatic Teller Machines (ATM), and gasoline dispensers. 
Usually PIN pads are configured like a telephone key pad and the user enters an 
access code that is packaged and sent to a remote processor for validation. 

25 Choosing one type of public device over the other means sacrificing 

functionality to the user. If a touch screen is selected, a debit card or any other 
payment method requiring an encrypted digital signature such as passive debit cards 
cannot be accepted for payment at the terminal. The reason for this is security. Any 
machine that requires an encrypted digital signature such as a user's personal 
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identification code must include security measures to prevent unauthorized access to 
the code. On the other hand, if a PIN pad is chosen, the user must translate a request 
for input from a screen to input on a numeric keypad. This type of interface is non- 
intuitive to the user as it diverges from the familiar point-and-click interaction model 
5 of modern applications. 

To overcome the shortcomings of each, many systems include both a touch 
screen and a keypad. This combination of an interface is also non-intuitive to the user 
as some input is entered on the touch screen and other input is entered on the keypad. 

10 SUMMARY OF THE INVENTION 

The present invention is directed to a system and method that coalesces a 
touch screen and a PIN pad into a single secure device that meets the requirements of 
both. The system and method includes advantages of each system with a small cost 
increase and requires low maintenance. The system and method selectively generates 
15 encrypted and non-encrypted data within a touch screen device and transmits the data 
to a remote processor. The system and method comprises a sensing means for 
detecting the coordinates of a touch on the touch screen device, a toggling means for 
toggling between an encryption and non-encryption mode, and a processing means for 
encrypting data associated with the coordinates of the touch and transmitting the 
20 encrypted data to a remote processor, if the toggling means is in the encryption mode, 
or transmitting data associated with the coordinate of the touch in an unencrypted 
format to the remote processor, if the toggling means is in the non-encryption mode. 

Resident encryption keys are used to encrypt data when the processing means 
is in encrypted mode. Therefore, the sensing means, toggling means and processing 
25 means may be housed in a tamper resistant housing. In addition there is a need to 
physically insure that the removal of a touch screen from its frame will destroy the 
local encryption key. A switch means is provided that detects if the tamper resistant 
housing is intact. 
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BRIEF DESCRIPTION OF THE FIGURES OF THE DRAWINGS 

FIG. 1 is a block diagram illustrating the components of a PIN Entry Device 
(PED). 

FIG. 2 is a block diagram illustrating the components of a touch screen. 
FIG. 3 is a block diagram illustrating the components of the present invention. 
FIG. 4 is a schematic illustrating a secure touch controller with a touch screen 

that utilizes resistive technology. 
FIG. 5 is a schematic illustration of the switch mechanism. 
FIG. 6 A is a schematic illustration of the switch mechanism when opened. 
FIG. 6B is a schematic illustration of the switch mechanism when closed. 

DETAILED DESCRIPTION OF THE INVENTION 

To understand the invention, each system, a touch screen and a PIN entry 
device must first be explained. As shown in FIG. 1, PIN entry devices (PED) 
typically consist of a keypad 105 of twelve keys (0-9, ENTER, CLEAR) in a three by 
four key grid, similar to a phone keypad. The PED typically also has a small auxiliary 
display 110 (usually less than four lines by twenty characters), an auxiliary beep 
speaker 1 15, and a connection port 140 to a computer where the application program 
resides. The PED has a microprocessor 120 that connects all of these together, taking 
input from the keypad 105, providing feedback on the display 1 10, and sending it to 
the computer 125 for processing. The microprocessor 120 may also operate in an 
encrypted mode whereby it accumulates several keystrokes without sending these to 
the application program. Instead, it waits for the ENTER key to be pressed and then 
performs an encryption algorithm on the accumulated inputs. The data sent to the 
application program is an encrypted PIN block that can only be deciphered by a 
remote payment authorization computer. 

There are many industry, government, and international regulations that 
govern the design of PEDs. These regulations govern how the keys are arranged, the 
color of the keys, how the keys must be displayed, how the components are physically 
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housed, etc. These regulations are aimed at preventing an unauthorized user from 
accessing information that would allow theft or fraud. In general, a PED must be 
designed and manufactured to have a standard level of physical security, it must meet 
cryptographic requirements, and it must be handled under strict policies at all times. 

5 FIG. 2 is a block diagram illustrating the components of a touch screen. 

Touch screens allow a user to interface with a machine by touching an electronic 
touch target on the glass itself. Touch screens generally comprise of a glass with a 
series of emitters and sensors 205, and a touch controller 210. For example, in the 
touch technology typically called "infra red" due to the nature of the light emitted by 

10 the sensors, the touch is electronically located through emitters that are connected to 
horizontal and vertical sensors located along a horizontal side and a vertical side of 
the glass. When the user's finger touches the glass, the finger block emitters opposite 
the sensors record where the glass was touched as well as the type of interaction (new 
interaction, continued interaction, concluded interaction). There are other types of 

15 touch technology such as resistive, capacitive, acoustic, and the infra red example is 
only given for illustrative purposes and is not intended to limit the scope of this 
invention. 

The touch controller 210 may determine the coordinates of where the screen 
was touched from the vertical and horizontal sensor that recorded the touch. The touch 

20 controller 210 then outputs the coordinates and the type of interaction to the computer 
215. The application program typically performs a calibration step that translates the 
output from the touch controller 210 (coordinates and type of interaction) into the 
screen display coordinate system. The application program then uses the screen 
display coordinate system with what is displayed on the screen at those coordinates to 

25 determine the user's input. 

In general, a touch screen and a PED are similar at the high level. There is a 
user, a sensor to detect the user's input, a processor, an application program, and a 
subsequent action. For example, using a PED, a user presses ENTER, the keypad 
sensor detects that ENTER was pressed, the processor detects the end of 
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cryptographic input, performs encryption and sends the PIN block to the computer, the 
computer receives the PIN block and displays "PLEASE WAIT" to the user. In a 
touch screen, the user removes their finger from the screen, the touch sensor changes 
the signal to indicate that no interaction is taking place, the touch controller detects 
5 end of interaction and uses the last coordinate before the interaction ended, the 
computer receives the last coordinate with touch type of "end of interaction" and 
calibrates the coordinates, cross-references to current contents of screen and 
determines that the user has ended his interaction. The computer then displays the 
next menu option based on the user's selection. 

10 There are also dissimilarities between a PED and a touch screen. Whereas a 

PED is typically connected to a display device as well as to a sensor, the touch screen 
controller has no display connection. Whereas the PED returns the user's input to the 
computer (such as a specific key), the touch controller returns a set of numbers that 
must then be calibrated, cross-referenced to screen contents and processed by the 

15 computer in the context of what is currently displayed on the screen. Whereas the 
PED operates under many standards and controls at every level, there are no touch 
screen standards or controls at any level. Finally, whereas the PED can accumulate 
several user events, combine them, and encrypt them, the touch controller returns 
input in the most basic granular form possible for the computer to process. 

20 FIG. 3 is a block diagram of the present invention that combines a PED and 

touch screen components. To combine the technologies of a PED and a touch screen, 
a sensor must first be chosen. Since an advantage of the touch screen is the flexibility 
of its sensor, the touch sensor 305 is the desired sensor for a combined device. To 
meet the security requirements of a PED, the connection 318 between the sensor and 

25 the touch controller must be physically secure such that an attack to monitor the signal 
between the sensor and the touch controller is deterred. 

As shown in FIG. 4, in the preferred embodiment, for resistive and infrared 
sensors that have easily decoded sensor connections, the touch controller 405 may be 
securely mounted directly on the touch sensor 410 and 'potted' with a substance such 
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as epoxy to form a solid physical block. Since the sensor 4 10 and controller 405 arc a 
single block, their interconnection is not exposed for tampering. Any attempt to 
tamper with the device would result in destruction of the sensor or the electronics. 
For other technologies such as acoustic wave, capacitive, or any other wave analog 
5 form technology, the sensor to controller connection is intrinsically tamper resistant 
because the signal is a reflection of the carrier produced by the controller. Any 
tampering or tapping of the connections would sufficiently modify the signal or the 
carrier such that the sensor would cease to operate. This is an acceptable mode of 
protection in the industry. For non-resistive touch technologies, the cable end may be 
10 bonded to prevent unauthorized replacement of the touch glass, but not directly 
bonded to the glass. Note that for non-resistive touch technologies, although the 
touch controller is not bound to the touch glass, the touch controller would still be 
encased in epoxy or potted to form a solid tamper proof block. 

As shown in FIG. 5 and FIGS. 6A and 6B, the touch sensor 410 with the 
15 potted touch controller 405 makes touch screen 520. Touch screen 520 may be 
mounted on a frame 510. To detect the removal of the touch screen 520 from its 
mounting frame 510 a switch 530 may be placed between the frame 510 and the touch 
screen 520. In the preferred embodiment, the switch 530 may be designed to be an 
integral part of the potted touch controller 405 and touch sensor 410. The switch 
20 should be housed in a secure section so that it may not be removed. As shown in FIG. 
6B, the installation of the touch screen 520 into the mounting frame 510 activates the 
switch 530 and completes that portion of a circuit that provides an indication to the 
encryption electronics that the screen is in place and that infusion of encryption key(s) 
can take place or that the encryption key(s) may remain in memory. As shown in FIG. 
25 6A, if the touch screen 520 is removed from the frame 5 10, the switch 530 opens and 
the resident encryption keys may be immediately flushed from memory. Any attempt 
to remove the screen to actively or passively obtain the encryption key destroys the 
current encryption key and disables the touch screen 520. Further, once the key is 
destroyed, information regarding the tampering is available remotely at the site and 



BNSDOCID: <WO 0057262A1_I_> 



WO 00/57262 



PCT/USOO/07215 



7 

can be transferred via up-link to remote locations such as the home office, 
maintenance depots, or other places. Note that there may be one or more than one 
encryption keys. 

In the preferred embodiment, the mechanical design of the mounting frame 
5 510 should both visibly hide and physically shield the switch 530. The reason for this 
is to prevent someone from removing the touch screen 520 while keeping the switch 
530 closed either manually or with the assistance of a tool 

To meet the operational requirements of a PED, the preferred embodiment 
may include a microprocessor that is able to perform the combinatorial and 
10 cryptographic functions. Since the touch screen sensor is used, the preferred 

embodiment must also include a touch controller. The microprocessor and the touch 
controller are similar devices that can be combined into a single general purpose unit 
that performs the functions of both, saving cost and complexity in the system while 
raising the level of physical security. 
15 In the preferred embodiment, the combined microprocessor and touch 

controller is called the 'Encrypting Touch Controller 5 or ECT 310. Because the ECT 
includes the touch controller, it may have to be physically secure to the touch sensor if 
the sensor is resistive or infrared, as discussed earlier. Also, because the ECT 310 
contains the microprocessor, it must be resistent to tampering. In the preferred 
20 embodiment, resistence to tampering is achieved through the use of fit-for-purpose 
microprocessors that are standard in the industry such as an 8051-based 
microcontroller using address encryption and self-descruting circuitry. These standard 
devices may have metalic layers built into the microprocessor that cause destruction of 
the microprocessor when mechanically violated. Furthermore, these devices include 
25 memory-zeroing circuitry that is enabled when physical access to the overall package 
is detected. In addition, some of these devices include encrypted programming 
instructions and encrypted bus addresses as a further deterrent. If the touch sensor 
technology and electronics availability does not allow the sensor to be completely 
contained within the die of the microprocessor, potting of the assembly will serve to 
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protect its contents from probing or violation. 

In the preferred embodiment the ECT may also include an encryption engine 

and key storage 320. The encryption engine 320 may utilize any encryption 

algorithms, some of which include the Data Encryption Standard (DES) and the 
5 Derived Unique Key Per Transaction (DUKPT). The encrypted data that is stored 

may be a Personal Identification Number (PIN) or a fleet card number such as that 

used by a truck driver in a fleet. 

In the preferred embodiment, the ECT may be connected to a remote computer 

325 that may contain a main display 330 and a main speaker 325. The computer 325 
10 may be a remote processor that controls a pay terminal or an entry order terminal. Pay 

terminals and entry order terminal may be a gasoline dispenser, a public access 

terminal, a food ordering terminal or a ticket purchasing terminal. 

As in both the touch screen and PED implementations, the ECT 310 

communicates with the application program residing on the computer. This allows 
15 the ECT 310 to perform interactions as needed by both PED and touch screen devices. 

The ECT 310 therefore performs the following functions: 

• Decoding touch sensor signal 3 1 8 into coordiantes; 

• Securely storing cryptographic keys; 

• Securely performing encryption; and 
20 • Interacting with computer 325. 

The preferred embodiment must operate both as a conventional touch screen 
device and as a PED device (T-PED). This dual role requires that the preferred 
embodiment of the T-PED operate modally under the control of the application 
program or computer. Sometimes the desired behavior of the T-PED is to operate as a 
25 secure PED device, while other times it is desirable that it act as a simple touch screen 
pointer device. This is achieved through a protocol that the T-PED uses to 
communicate with the application program. This protocol supports the transfer of 
information related to touch input and cryptographic entry. 

The protocol command that instructs the type of functionality the touch screen 
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will perform is the "Input Mode Select" command. This command bridges the gap 
between the two input device types that the T-PED replaces. The "Input Mode 
Sclecf may be set to "select PIN mode" or "Select Clear Mode". 

If the desired mode of operation is PIN entry, the Input Mode Select command 
5 from the computer must contain enough information to allow the T-PED to begin 

processing touch inputs independently until the end of a PIN entry sequence is found. 
This means that the T-PED is provided with the following information: 

• Calibration parameters that translate the touch screen coordinate system to the 
display coordinate system of the image displayed on the screen. Optionally, 

10 these parameters may be downloaded in advance under a secure authentication 

protocol just after the calibration procedure is performed as an additional layer 
of security; 

• Location and size of the keys 0-9 ENTER and CLEAR; 

• Desired maximum and minimum number of PIN input digits; 
15 • Desired maximum elapsed time before input is aborted; 

• Desired maximum number of CLEAR presses before input is aborted; 

• Desired mode of touch activation, either activate target on select or on release; 

• Desired cryptographic algorithm; 

• Any additional data that corresponds to the required cryptographic algorithm 
20 (session keys, sequence numbers, etc.) 

Since the application program is in control of the screen, it must display an 
image of a PIN entry pad and immediately send the T-PED a command to enter PIN 
mode that corresponds to the displayed image. The parameter information that must 
be included would be the location where each key is displayed. 
25 Once the T-PED receives this command, the T-PED will begin processing 

touches in PED mode. As touches are determined by the touch controller, they are 
calibrated within the T-PED using the values specified in the "Input Mode Select" 
command. During PED mode, the T-PED will send requests to the computer using 
protocol commands, described below, for the following: 
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• Request to sound 'good' tone or 'bad' tone. This allows the T-PED to indicate 
an error to the user such as too many digits pressed, too few digits entered, 
current selection is not a digit, etc. 

• Request to inform user of successful entry of a digit. This allows the T-PED 
5 to provide feedback to the user without revealing any secure data. The reason 

for this feedback is to provide the user with some confidence that the system is 
accepting their input, otherwise, the user may think that the system has 
malfunctioned. 

• Request to inform the user that the CLEAR key has been successfully pressed. 
10 The T-PED will remain in PIN input mode until one of the following conditions is 

met: 

• A successful sequence of digits has been entered, followed by the ENTER key 
being pressed; or 

• Timeout without successful entry of an allowable number of digits followed by 
15 ENTER; or 

• Too many retries pressing the CLEAR key. 

If a timeout or too many retries pressing the CLEAR key is detected by the T- 
PED, the T-PED will send an abort message to the computer. 

At the conclusion of PIN entry mode, the TPED will return to the computer a 
20 successful encrypted PIN block or an indication of an unsucessful PIN entry. Once 
the application acknowledges the conclusion of PIN mode, the T-PED will return to 
default touch screen mode, returning coordinates (relative or absolute) of each user 
interaction. 

The following is an example of an application program utilizing a touch screen 
25 as a conventional touch screen and as a PED. 

1 . Computer sends T-PED the "Input Mode Select" command set to 
"Select Clear Mode". 

2. Computer displays on the touch screen a menu of choices, such as 
'Exit', 'Buy Flowers', or 'More Choices'. 
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Computer waits for user input 

When the T-PED receives a touch, the following is returned to the 
computer: 

A. Touch down at 45,305 

B. Touch continued at 45,305 

C. Touch continued at 45,305 

D. Touch release at 45,305 

After input A, the computer plays a tone to the user. 
The computer determines the coordinate pressed is the 'Buy Flowers' 
key (based on application programming). The 'Buy Flowers' button is 
highlighted on the screen for feedback. 

Inputs B and C have no effect on the screen, though the application 
program monitors them to insure that the user is not performing a 
'drag' operation in which the touch is changing coordinates or that the 
'Buy Flowers' button is released. 

Once input D is received, the computer determines that the user wants 
to buy flowers. This requires input of an encrypted PIN. 
The computer then informs the T-PED to enter encrypted PIN mode. 
The computer displays an industry standard PIN pad including colors 
and keys as required. 

The T-PED enters encrypted mode and the following coordinates are 
received: 

A. Touch down at 100,67 

B. Continued touch at 100,67 

C. Touch release at 100,67 

After input A, the T-PED determines that the user is selecting a valid 
key (because the calibrated coordinates are inside a rectangle described 
in the Tnput Mode Select' command). Based on this, the T-PED sends 
the computer a request to sound a 'good tone'. 
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1 3. After input C, the T-PED determines that the user has released a touch 
on a valid digit. Based on this, it sends the value of the digit to the 
encryption system within the T-PED secure enclosure. It also sends the 
computer a request to provide feedback of a good digit, but it docs not 

5 send the actual digit value outside of the secure T-PED enclosure. 

14. This process repeats for each digit, with the T-PED processing touches 
until the ENTER key is pressed at a valid time. 

15. The T-PED completes the encryption of all the inputs from the user 
and forwards the encrypted data back to the application program. 

10 16. The application program is then free to forward this information as 

needed to secure a financial transaction. 
17. The application program displays the next menu for the user (encrypted 
or otherwise), asks the T-PED to operate in the appropriate mode, and 
so on. 

15 In addition to the operation of the T-PED as an input device, it must also 

support the protocols for encryption initialization that are required for PED operation. 
This can be achieved through programming on the T-PED. Encryption initialization 
requires the T-PED to be provided a master key to derive session keys or a sequence 
of derived unique keys and a unit serial number. There are ANSI and ISO standards 

20 that define command and framing for key data transfer to a device. In the preferred 
embodiment, the T-PED input port is programmed to understand key data commands. 
Once programmed, the key transfer process can be perfromed thus initializing the 
device with the needed encryption keys. 

The T-PED system described in FIG. 3 is programmable to perform many 

25 different applications. This is an advantage, but may also be a disadvantage and 
liability. Due to the ECT's 310 ability to operate in encrypted and unencrypted 
modes, it would be possible for a fraudulent party to introduce a software program on 
the computer that would ask a user to input a secret PIN number without engaging the 
encrypting mode of the T-PED. This would render the system in a mode where touch 
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coordinates for each digit would be sent from the T-PED to the computer (because the 
T-PED was not put in to encryption mode) thus making the users' secret code subject 
to fraudulent disclosure. This approach is known in the art as a Trojan Horse' attack 
on the security provided by the inherently safe T-PED design. 

5 To secure the system from a Trojan Horse attack, the industry accepts two 

methods of overcoming the attack: cryptography and policy. Where policy is used, an 
implementor of the system would be responsible for securing access to the computer 
and thus insure that no fraudulent content is introduced. The policy would be that the 
system should be carefully guarded and periodically reviewed for integrity. Where 

10 cryptography is used, the system would be protected by removing all access to the 

computer except for a cryptographically secure upgrade communication channel. This 
channel would allow new applications and content to be loaded on to the computer, 
but these could only be loaded from a known authenticated source that would by 
definition be protected through policy. A large set of systems, for example, could be 

15 centrally controlled by a bank or other institution through the use of the industry 

standard Secure Sockets Layer (SSL) communication that would guarantee that any 
updates to the computer would be certified and secure to use the T-PED in its proper 
modes of operation. 

The above-described embodiments are given as illustrative examples only. It 

20 will be readily appreciated that many deviations may be made from the specific 

embodiments disclosed in this specification without departing from the scope of the 
invention. Accordingly, the scope of the invention is to be determined by the claims 
below rather than being limited to the specifically described embodiments above. 
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CLAIMS 

J . A system for selectively generaling encrypted or non-encrypted data within a 
touch screen device and transmitting the data to a remote processor, 
comprising: 

(A) sensing means for detecting the coordinates of a touch on the touch 
screen device; 

(B) toggling means for toggling between an encryption and non-encryption 
mode; 

(C) processing means for: 

(i) encrypting data associated with the coordinates of the touch 
using an encryption key and transmitting the encrypted data to 
the remote processor, if the toggling means is in the encryption 
mode; and 

(ii) transmitting data associated with the coordinate of the touch in 
an unencrypted format to the remote processor, if the toggling 
means is in the non-encryption mode; 

(D) tamper resistant housing for containing the sensing means, toggling 
means and processing means; and 

(E) switch means for detecting if the tamper resistant housing is intact. 

2. The system of claim 1, wherein the tamper resistant housing includes the 
sensing means, the toggling means, the processing means and the switch 
means mounted on each other. 

3. The system of claim 1, wherein if the switch means detects that the resistant 
housing is not intact the encryption key is deleted. 

4. A system for selectively generating encrypted or non-encrypted data within a 
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touch screen device and transmitting the data to a remote processor, 
comprising: 

(A) sensor for detecting the coordinates of a touch on the touch screen 
device; 

(B) toggle switch for toggling between an encryption and non-encryption 
mode; 

(C) processing means for: 

(i) encrypting data associated with the coordinates of the touch 
using an encryption key and transmitting the encrypted data to 
the remote processor, if the toggling means is in the encryption 
mode; and 

(ii) transmitting data associated with the coordinate of the touch in 
an unencrypted format to the remote processor, if the toggling 
means is in the non-encryption mode; 

(D) tamper resistant housing for containing the sensing means, toggling 
means and processing means; and 

(E) switch for detecting if the tamper resistant housing is intact. 

5. The system of claim 4, wherein the tamper resistant housing includes the 
sensor, the toggle switch, the processing means and the switch mounted on 
each other. 

6. The system of claim 4, wherein if the switch detects that the resistant housing 
is not intact the encryption key is deleted. 

7. A method for selectively generating encrypted and non-encrypted data within a 
touch screen device and transmitting the data to a remote processor, 
comprising the steps of: 

(A) detecting the coordinates of a touch on the touch screen device; 
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(B) toggling between an encryption and non-encryption mode; 

(C) encrypting data associated with the coordinates of the touch using an 
encryption key and transmitting the encrypted data to the remote 
processor, if the toggling means is in the encryption mode; 

(D) transmitting data associated with the coordinate of the touch in an 
unencrypted format to the remote processor, if the toggling means is in 
the non-encryption mode; and 

(E) detecting tampering with the touch screen device, if tampering is 
detected deleting the encryption key. 

8. The system of claim 7 wherein step (E) includes transmitting information 
regarding the tampering to the remote processor. 
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RESISTIVE SOLUTION 

FIG.4 
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